Rising Kaka Security Forum
我爱Vc - 2006-8-15 13:58:00
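My computer runs Windows XP SP2. Three days ago a virus appeared that even the genuine, licensed Rising cannot remove. In Safe Mode it is gone, but after a full scan and a restart it comes back again.
Name: Backdoor.Ginwui.a
Path: system32/zsyhide.dll and zsydll.dll
Could an expert please advise?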
十剑飘香 - 2006-8-15 14:01:00
OP, please go to http://www.okget.com/Soft/Soft_2061.htm
and download HijackThis.
After downloading, run the HijackThis.exe inside it.
Click "Scan and save a log file".
Copy and paste the saved log here.
我爱Vc - 2006-8-15 14:53:00
HijackThis_815汉化版扫描日志 V1.99.1
保存于 14:38:22, 日期 2006-8-15
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\rising\rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\windows\system32\wincfgs.exe
C:\Program Files\rising\rav\RavTimer.exe
C:\Program Files\rising\rav\RavMon.exe
D:\程序1\结巴\SysExplr.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\1\LOCALS~1\Temp\20060426.bak
C:\DOCUME~1\1\LOCALS~1\Temp\20060426.bak
C:\DOCUME~1\1\LOCALS~1\Temp\20060426.bak
D:\程序1\迅雷\雷之源\lservice.exe
D:\程序1\迅雷\Program\Thunder5.exe
C:\WINDOWS\system32\conime.exe
D:\程序1\Tencent\qq\QQ.exe
D:\程序1\Tencent\qq\TIMPlatform.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\1\桌面\123456~\HijackThis.exe
R3 - URLSearchHook: YOK Search Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
F3 - REG:win.ini: load=C:\windows\system32\wincfgs.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\相嗥片瑅vcd\新挛文募件夹? (2)\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll
O2 - BHO: RealPlayer G2 Control - {1002C84D-A326-2D3C-13F3-2C2474392A91} - C:\WINDOWS\system32\flash9.dll
O2 - BHO: IExpress - {27E96DE0-8211-42CF-9A1E-FA6246A95B77} - C:\WINDOWS\system32\iexpress.dll
O2 - BHO: IE Address Browser Helper - {2A0176FE-008B-4706-90F5-BBA532A49731} - C:\Program Files\SearchNet\SNHpr.dll (file missing)
O2 - BHO: IE Browser Helper - {3CE496D1-1746-41CD-9489-3C0B93DF10E2} - C:\WINDOWS\Downlo~1\dde5wi.dll
O2 - BHO: YOK超级搜索 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\程序1\迅雷\ComDlls\XunLeiBHO_001.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Flash 8 ocx - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINDOWS\system32\flash8.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O3 - IE工具栏增项: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\程绦序?1\IEBand.dll (file missing)
O3 - IE工具栏增项: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - IE工具栏增项: YOK超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [RavTimer] C:\Program Files\rising\rav\RavTimer.exe
O4 - 启动项HKLM\\Run: [RavMon] C:\Program Files\rising\rav\RavMon.exe
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - 启动项HKLM\\Run: [odaf] RunDll32 "C:\WINDOWS\Downlo~1\odaf.dll",Run
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [SysExplr] D:\程序1\结巴\SysExplr.EXE
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [ExFilter] Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll,ExecFilter solo"
O4 - 启动项HKLM\\Run: [YOKAssiant] Rundll32.exe C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll,YOKAssiant
O4 - 启动项HKLM\\RunServices: [RavMon] C:\Program Files\rising\rav\RavMon.exe /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyShares] c:\program Files\易虎\MyShares.exe /tray
O4 - HKCU\..\Run: [LocalSystem] C:\WINDOWS\system\svchost.exe
O4 - HKCU\..\Run: [Syss] C:\DOCUME~1\1\LOCALS~1\Temp\ehuupdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - IE右键菜单中的新增项目: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - IE右键菜单中的新增项目: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\程序1\迅雷\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\程序1\迅雷\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - IE右键菜单中的新增项目: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - IE右键菜单中的新增项目: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - IE右键菜单中的新增项目: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - IE右键菜单中的新增项目: YOK超级搜索 - C:\Program Files\YOK.com\SuperSearch\yoksch.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\程序1\Tencent\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 易趣购物 - C:\Program Files\AD4All\link1\ebaylink.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\程序1\Tencent\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\程序1\Tencent\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 添加到雅虎收藏+ - http://myweb.cn.yahoo.com/post.html?F=D2_A
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\程序1\Tencent\qq\SendMMS.htm
O8 - IE右键菜单中的新增项目: 豪杰超级解霸V8实时播放 - D:\程序1\结巴\MPURLGET.HTM
O9 - 浏览器额外的按钮: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - D:\程序1\结巴\STHSDVD.EXE
O9 - 浏览器额外的“工具”菜单项: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - D:\程序1\结巴\STHSDVD.EXE
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的按钮: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=65 (file missing)
O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=65 (file missing)
O9 - 浏览器额外的按钮: YOK超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - http://www.yok.com (file missing)
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS] 网络实名
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9A1F230-3E80-4A32-9437-1E28B991E0B0}: NameServer = 202.106.46.151 202.106.0.20
O20 - AppInit_DLLs: C:\WINDOWS\system32\zsyhide.dll
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
我爱Vc - 2006-8-15 14:54:00
[Reply to 十剑飘香's post] Expert, is this it?
我爱Vc - 2006-8-16 8:32:00
ding
oo123oo3 - 2006-8-16 8:37:00
C:\windows\system32\wincfgs.exe
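1. Press Ctrl+Alt+Del to open Task Manager and end the wincfgs process.
2. Control Panel - Folder Options - set it to show system files and hidden files.
3. Delete C:\windows\KB20060111.exe (the file name may differ; it has the same blue icon as Notepad).
4. Delete C:\windows\system32\wincfgs.exe (a hidden system file with a yellow question-mark icon).
5. Start - Run - regedit - open the Registry Editor - Edit - Find - remember to tick all three search options, "Keys, Values, Data". Search for "KB20060111.exe" and delete the key/value that is found, then press F3 to find the next one and delete that key/value, until the search is complete. In the same way, search for and delete the keys/values related to ".\RECYCLER\RECYCLER\autorun.exe" and "wincfgs.exe".
6. Registry - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]: clean out the startup entries related to wincfgs. (Since step 5 has already deleted them, skip this if you see no wincfgs-related entries.)
7. Start - Run - msconfig - click the last tab, "Startup" - untick "wincfgs" - OK - restart - after the restart it asks whether to show *** at every startup; choose No. (Skip this if you do not see a wincfgs startup entry.)
Fix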
R3 - URLSearchHook: YOK Search Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
F3 - REG:win.ini: load=C:\windows\system32\wincfgs.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\相嗥片瑅vcd\新挛文募件夹? (2)\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O4 - 启动项HKLM\\Run: [SysExplr] D:\程序1\结巴\SysExplr.EXE
O4 - HKCU\..\Run: [Syss] C:\DOCUME~1\1\LOCALS~1\Temp\ehuupdate.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\zsyhide.dll
Delete files
C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
C:\DOCUME~1\1\LOCALS~1\Temp\ehuupdate.exe
D:\程序1\结巴\SysExplr.EXE
http://www.pctutu.com/srmsdown.asp
Download Super Rabbit (超级兔子).. Use Super Rabbit's Cleanup King (清理王), in Safe Mode, to uninstall the rogue software it flags..
我爱Vc - 2006-8-17 9:04:00
[Reply to oo123oo3's post] What does "Fix" mean? What is this virus called?
oo123oo3 - 2006-8-17 9:07:00
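[Reply to 我爱Vc's post]
Follow the method I described. It can solve the problem.
("Fix") refers to what HijackThis finds in its scan.. The items are listed in the middle.. Tick the box in front of each item to be fixed. Then there is a "Fix" button at the bottom left; click it and that's it..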
我爱Vc - 2006-8-17 9:13:00
[Reply to oo123oo3's post] Thanks!!! I'll do as you say.
我爱Vc - 2006-8-20 14:42:00
That virus is back again.
westbeck - 2006-8-20 15:05:00
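OP, did you do what the post on floor 5 said?
Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to scan, and when the scan finishes press the "Save Report" button to save the report log file (SREng.LOG). Then copy and paste the contents of the saved report log file here.
Download URL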
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log cannot be pasted in one go, paste it in several parts; please do not modify it. Thanks...
我爱Vc - 2006-8-21 20:11:00
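I used the method from the friend on floor 5 and finished scanning and removing, but the next day it was still there. I scanned with HijackThis again; the results are as follows: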
HijackThis_815汉化版扫描日志 V1.99.1
保存于 16:40:31, 日期 2006-8-21
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\rising\rav\CCenter.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\windows\system32\wincfgs.exe
C:\Program Files\rising\rav\RavTimer.exe
C:\Program Files\rising\rav\RavMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\程序1\结巴\SysExplr.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\程序1\MagicSet\SRIECLI.EXE
C:\DOCUME~1\1\LOCALS~1\Temp\20060426.bak
C:\DOCUME~1\1\LOCALS~1\Temp\20060426.bak
C:\DOCUME~1\1\LOCALS~1\Temp\20060426.bak
C:\DOCUME~1\1\LOCALS~1\Temp\20060426.bak
C:\DOCUME~1\1\LOCALS~1\Temp\20060426.bak
C:\DOCUME~1\1\LOCALS~1\Temp\20060426.bak
D:\程序1\迅雷\Program\Thunder5.exe
C:\DOCUME~1\1\LOCALS~1\Temp\20060426.bak
C:\DOCUME~1\1\LOCALS~1\Temp\20060426.bak
C:\DOCUME~1\1\LOCALS~1\Temp\20060426.bak
E:\Photoshop.exe
E:\相片VCD\新文件夹\ScanWizard5.exe
C:\Documents and Settings\1\桌面\123456~\HijackThis.exe
R3 - 默认的URLSearchHook丢失。用HijackThis修复
F3 - REG:win.ini: load=C:\windows\system32\wincfgs.exe
O2 - BHO: IE Address Browser Helper - {2A0176FE-008B-4706-90F5-BBA532A49731} - C:\Program Files\SearchNet\SNHpr.dll
O2 - BHO: IE Browser Helper - {3CE496D1-1746-41CD-9489-3C0B93DF10E2} - C:\WINDOWS\Downlo~1\f3l.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - IE工具栏增项: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\程绦序?1\IEBand.dll (file missing)
O3 - IE工具栏增项: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [RavTimer] C:\Program Files\rising\rav\RavTimer.exe
O4 - 启动项HKLM\\Run: [RavMon] C:\Program Files\rising\rav\RavMon.exe
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - 启动项HKLM\\Run: [odaf] RunDll32 "C:\WINDOWS\Downlo~1\odaf.dll",Run
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [ExFilter] Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll,ExecFilter solo"
O4 - 启动项HKLM\\Run: [SysExplr] D:\程序1\结巴\SysExplr.EXE
O4 - 启动项HKLM\\Run: [aij1] RunDll32 "C:\WINDOWS\Downlo~1\aij1.dll",Run
O4 - 启动项HKLM\\Run: [qw87uxs] RunDll32 "C:\WINDOWS\Downlo~1\qw87uxs.dll",Run
O4 - 启动项HKLM\\Run: [SearchNet_Up] C:\Program Files\SearchNet\ServeUp.exe
O4 - 启动项HKLM\\Run: [SrvNet32] RunDll32 "C:\Program Files\SearchNet\SrvNet32.dll",Run
O4 - 启动项HKLM\\Run: [zzGBK] H:\setup.exe
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\RunServices: [RavMon] C:\Program Files\rising\rav\RavMon.exe /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Super Rabbit IEPro] D:\程序1\MagicSet\SRIECLI.EXE /LOAD
O4 - Startup: 地址栏搜索.lnk = C:\Program Files\SearchNet\ServeUp.exe
O8 - IE右键菜单中的新增项目: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\程序1\迅雷\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\程序1\迅雷\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\程序1\Tencent\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\程序1\Tencent\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\程序1\Tencent\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\程序1\Tencent\qq\SendMMS.htm
O9 - 浏览器额外的按钮: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\程序1\迅雷\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\程序1\迅雷\Thunder.exe
O9 - 浏览器额外的按钮: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - D:\程序1\结巴\STHSDVD.EXE
O9 - 浏览器额外的“工具”菜单项: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - D:\程序1\结巴\STHSDVD.EXE
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9A1F230-3E80-4A32-9437-1E28B991E0B0}: NameServer = 202.106.46.151 202.106.0.20
O20 - AppInit_DLLs: C:\WINDOWS\system32\zsyhide.dll
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
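To check whether a HijackThis "Fix" list actually held after a reboot, the entries asked to be fixed can be compared against a later log. The following is an added example, not part of any post in this thread; the sample text is an excerpt copied from the fix list and the two logs above, and the function names and the choice of "autostart" section codes are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional

# Fix list from the reply of 2006-8-16 (copied from the thread).
FIX_LIST = r'''
R3 - URLSearchHook: YOK Search Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
F3 - REG:win.ini: load=C:\windows\system32\wincfgs.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\相嗥片瑅vcd\新挛文募件夹? (2)\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O4 - 启动项HKLM\\Run: [SysExplr] D:\程序1\结巴\SysExplr.EXE
O4 - HKCU\..\Run: [Syss] C:\DOCUME~1\1\LOCALS~1\Temp\ehuupdate.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\zsyhide.dll
'''

# Excerpt of the 2006-8-15 log (autostart-related lines only).
LOG_0815 = r'''
F3 - REG:win.ini: load=C:\windows\system32\wincfgs.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - 启动项HKLM\\Run: [RavMon] C:\Program Files\rising\rav\RavMon.exe
O4 - 启动项HKLM\\Run: [odaf] RunDll32 "C:\WINDOWS\Downlo~1\odaf.dll",Run
O4 - 启动项HKLM\\Run: [SysExplr] D:\程序1\结巴\SysExplr.EXE
O4 - HKCU\..\Run: [Syss] C:\DOCUME~1\1\LOCALS~1\Temp\ehuupdate.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\zsyhide.dll
'''

# Excerpt of the 2006-8-21 log, taken after the cleanup attempt.
LOG_0821 = r'''
R3 - 默认的URLSearchHook丢失。用HijackThis修复
F3 - REG:win.ini: load=C:\windows\system32\wincfgs.exe
O4 - 启动项HKLM\\Run: [RavMon] C:\Program Files\rising\rav\RavMon.exe
O4 - 启动项HKLM\\Run: [odaf] RunDll32 "C:\WINDOWS\Downlo~1\odaf.dll",Run
O4 - 启动项HKLM\\Run: [SysExplr] D:\程序1\结巴\SysExplr.EXE
O4 - 启动项HKLM\\Run: [aij1] RunDll32 "C:\WINDOWS\Downlo~1\aij1.dll",Run
O4 - 启动项HKLM\\Run: [qw87uxs] RunDll32 "C:\WINDOWS\Downlo~1\qw87uxs.dll",Run
O4 - 启动项HKLM\\Run: [zzGBK] H:\setup.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\zsyhide.dll
'''


class Entry(NamedTuple):
    code: str             # HijackThis section code, e.g. "F3", "O4", "O20"
    body: str             # rest of the line, unchanged
    path: Optional[str]   # first drive-letter path to an .exe/.dll/.ocx, lower-cased


LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]+?\.(?:exe|dll|ocx)', re.IGNORECASE)

# Sections treated here as "starts something automatically" (assumption of this example).
AUTOSTART_CODES = {"F2", "F3", "O4", "O20"}


def parse_log(text):
    """Return the section entries of a HijackThis log; process-list and header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        p = PATH_RE.search(body)
        entries.append(Entry(code, body, p.group(0).lower() if p else None))
    return entries


def _key(e):
    # Compare by section + file path; fall back to the whole body when no path is present.
    return (e.code, e.path or e.body.lower())


def still_present(fix_list, later_log):
    """Entries that were on the fix list but show up again in a later log."""
    later = {_key(e) for e in parse_log(later_log)}
    return [e for e in parse_log(fix_list) if _key(e) in later]


def new_autostarts(earlier_log, later_log):
    """Autostart entries in the later log that the earlier log did not contain."""
    seen = {_key(e) for e in parse_log(earlier_log)}
    return [e for e in parse_log(later_log)
            if e.code in AUTOSTART_CODES and _key(e) not in seen]


if __name__ == "__main__":
    print("Fixed earlier but present again:")
    for e in still_present(FIX_LIST, LOG_0821):
        print("  ", e.code, e.path)
    print("New autostart entries since the first log:")
    for e in new_autostarts(LOG_0815, LOG_0821):
        print("  ", e.code, e.path)
```

An entry that reappears after being fixed, as the F3 `load=` and O20 `AppInit_DLLs` lines do here, indicates that something still running is rewriting it, so the log alone is not enough to confirm removal.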
我爱Vc - 2006-8-21 20:22:00
After restarting the machine, I ignored the virus; the scan is as follows:
2006-08-21,20:10:51
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
<Super Rabbit IEPro><D:\程序1\MagicSet\SRIECLI.EXE /LOAD> [Super Rabbit Soft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><C:\windows\system32\wincfgs.exe> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<RavTimer><C:\Program Files\rising\rav\RavTimer.exe> [rising]
<RavMon><C:\Program Files\rising\rav\RavMon.exe> [Beijing Rising Technology Co., Ltd.]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<odaf><RunDll32 "C:\WINDOWS\Downlo~1\odaf.dll",Run> [Microsoft Corporation]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<ExFilter><Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll,ExecFilter solo"> []
<SysExplr><D:\程序1\结巴\SysExplr.EXE> []
<aij1><RunDll32 "C:\WINDOWS\Downlo~1\aij1.dll",Run> [Microsoft Corporation]
<qw87uxs><RunDll32 "C:\WINDOWS\Downlo~1\qw87uxs.dll",Run> [Microsoft Corporation]
<SearchNet_Up><C:\Program Files\SearchNet\ServeUp.exe> [中搜在线]
<CdnCtr><> []
<SrvNet32><RunDll32 "C:\Program Files\SearchNet\SrvNet32.dll",Run> []
<zzGBK><H:\setup.exe> []
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<RavMon><C:\Program Files\rising\rav\RavMon.exe /AUTO> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\SYSTEM32\Userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><C:\WINDOWS\system32\zsyhide.dll> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
<WinlogonNotify: AtiExtEvent><Ati2evxx.dll> [ATI Technologies Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zsydll]
<WinlogonNotify: zsydll><C:\WINDOWS\system32\zsydll.dll> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
<Load><; > []
==================================
启动文件夹
[地址栏搜索]
<C:\Documents and Settings\1\「开始」菜单\程序\启动\地址栏搜索.lnk><N>
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
<C:\WINDOWS\system32\ati2sgag.exe><>
[InCD Helper / InCDsrv]
<C:\Program Files\Ahead\InCD\InCDsrv.exe><Nero AG>
[Rising Proxy Service / RfwProxySrv]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<C:\Program Files\rising\rav\CCenter.exe><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
浏览器加载项
[IE Address Browser Helper]
{2A0176FE-008B-4706-90F5-BBA532A49731} <C:\Program Files\SearchNet\SNHpr.dll, Beijing Zhongsou Online Software>
[IE Browser Helper]
{3CE496D1-1746-41CD-9489-3C0B93DF10E2} <C:\WINDOWS\Downlo~1\f3l.dll, 中搜在线软件有限公司>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[启动迅雷]
{0062C9BD-B349-40DE-91A0-755F37ACD559} <D:\程序1\迅雷\Thunder.exe, Thunder Networking Technologies,LTD>
[豪杰超级解霸V8]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <D:\程序1\结巴\STHSDVD.EXE, herosoft>
[Yahoo 1G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[寻宝乐趣多]
{59BC54A2-56B3-44a0-93E5-432D58746E26} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao, N/A>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <D:\程绦序?1\IEBand.dll, N/A>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[RealPlayer G2 Control]
{1002C84D-A326-2D3C-13F3-2C2474392A91} <, N/A>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <, N/A>
[IExpress]
{27E96DE0-8211-42CF-9A1E-FA6246A95B77} <, N/A>
[IE Address Browser Helper]
{2A0176FE-008B-4706-90F5-BBA532A49731} <C:\Program Files\SearchNet\SNHpr.dll, Beijing Zhongsou Online Software>
[IE Browser Helper]
{3CE496D1-1746-41CD-9489-3C0B93DF10E2} <C:\WINDOWS\Downlo~1\f3l.dll, 中搜在线软件有限公司>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[金山快译(&K)]
{6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <D:\程绦序?1\IEBand.dll, N/A>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <, N/A>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Flash 8 ocx ]
{B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} <, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&Google Search]
<res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A>
[&使用迅雷下载]
<D:\程序1\迅雷\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<D:\程序1\迅雷\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<D:\程序1\Tencent\qq\AddToNetDisk.htm, N/A>
[导出到 Microsoft Excel(&x)]
<res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<D:\程序1\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\程序1\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\程序1\Tencent\qq\SendMMS.htm, N/A>
我爱Vc - 2006-8-21 20:28:00
Continued from the post above:
==================================
正在运行的进程
[PID: 436][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 496][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 520][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\Ati2evxx.dll] <ATI Technologies Inc.><6.14.10.4114>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[PID: 564][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 576][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 724][C:\WINDOWS\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4114>
[C:\WINDOWS\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2496>
[PID: 736][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 796][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 860][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 884][C:\Program Files\Ahead\InCD\InCDsrv.exe] <Nero AG><4, 3, 18, 0>
[C:\Program Files\Common Files\Ahead\Lib\DriveLocker.dll] <Ahead Software AG><1, 0, 0, 17>
[C:\Program Files\Ahead\InCD\incdshx.dll] <Nero AG><4, 3, 18, 0>
[PID: 1088][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1200][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1216][C:\Program Files\rising\rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1236][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 32>
[c:\program files\rising\rfw\RfwRule.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
[c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
[c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
[c:\program files\rising\rfw\MonDrv.dll] <rs><1, 0, 0, 4>
[c:\program files\rising\rfw\ProcLib.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[PID: 1256][C:\Program Files\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
[C:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[C:\Program Files\Rising\Rav\HOOKSYS.dll] <Beijing Rising Technology Co., Ltd.><18, 1, 0, 11>
[C:\Program Files\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
[C:\Program Files\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[C:\Program Files\Rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\HookWeb.dll] <rising><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[C:\Program Files\Rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\Rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
[C:\Program Files\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[C:\Program Files\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 14>
[C:\Program Files\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[C:\Program Files\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[C:\Program Files\Rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1376][C:\WINDOWS\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4114>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[C:\WINDOWS\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2496>
[PID: 1420][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[C:\Program Files\SearchNet\SrvNet32.dll] <中搜在线><1, 0, 2, 7>
[C:\Program Files\Ahead\InCD\incdshx.dll] <Nero AG><4, 3, 18, 0>
[PID: 1588][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[C:\WINDOWS\system32\E_FLMAIP.DLL] <SEIKO EPSON CORPORATION><5, 7, 0, 0>
[C:\WINDOWS\system32\HPDCMON.DLL] <Hewlett-Packard><03.40.00>
[PID: 1712][c:\program files\rising\rfw\RfwMain.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 51>
[c:\program files\rising\rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[c:\program files\rising\rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[c:\program files\rising\rfw\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[C:\Program Files\SearchNet\SrvNet32.dll] <中搜在线><1, 0, 2, 7>
我爱Vc - 2006-8-21 20:29:00
Continued from the post above:
[PID: 348][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe] <Microsoft Corporation><7.00.9064.9150>
[PID: 464][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1708][C:\WINDOWS\system32\wbem\wmiprvse.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1824][C:\windows\system32\wincfgs.exe] <N/A><N/A>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[PID: 1484][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1860][C:\Program Files\Rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1996][C:\Program Files\rising\rav\RavTimer.exe] <rising><16, 0, 0, 23>
[C:\Program Files\rising\rav\Language.dll] <RiSing><15, 0, 0, 17>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[C:\Program Files\rising\rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 1368][C:\Program Files\rising\rav\RavMon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 32>
[C:\Program Files\rising\rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
[C:\Program Files\rising\rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[C:\Program Files\rising\rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\rising\rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\rising\rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\rising\rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[C:\Program Files\SearchNet\SrvNet32.dll] <中搜在线><1, 0, 2, 7>
[PID: 2116][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3510>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[PID: 2156][D:\程序1\结巴\SysExplr.EXE] <N/A><N/A>
[D:\程序1\结巴\HttpReq.dll] <N/A><N/A>
[D:\程序1\结巴\CoolMenu.dll] <N/A><N/A>
[D:\程序1\结巴\httphlp.dll] <N/A><N/A>
[D:\程序1\结巴\AVCDROM.dll] <N/A><N/A>
[D:\程序1\结巴\Sys936.DLL] <N/A><N/A>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[C:\Program Files\SearchNet\SrvNet32.dll] <中搜在线><1, 0, 2, 7>
[PID: 2456][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.0.14>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[PID: 2500][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[PID: 2704][C:\Program Files\Messenger\msmsgs.exe] <Microsoft Corporation><4.7.3001>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[PID: 2732][D:\程序1\MagicSet\SRIECLI.EXE] <Super Rabbit Soft><7.76>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[D:\程序1\MagicSet\shlobj71.ocx] <Sky Software (http://www.ssware.com)><7, 1, 0, 0>
[PID: 3540][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[C:\PROGRA~1\baidu\bar\baidubar.dll] <Baidu.com, Inc.><2, 0, 2, 99>
[C:\Program Files\SearchNet\SNHpr.dll] <Beijing Zhongsou Online Software><1, 0, 3, 0>
[C:\WINDOWS\Downlo~1\f3l.dll] <中搜在线软件有限公司><2, 0, 2, 5>
[C:\Program Files\SearchNet\SrvNet32.dll] <中搜在线><1, 0, 2, 7>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[PID: 3816][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 3176][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[C:\Program Files\SearchNet\SrvNet32.dll] <中搜在线><1, 0, 2, 7>
[PID: 3320][C:\DOCUME~1\1\LOCALS~1\Temp\Rar$EX00.015\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[C:\Program Files\SearchNet\SrvNet32.dll] <中搜在线><1, 0, 2, 7>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
我爱Vc - 2006-8-21 20:30:00
[Reply to westbeck's post]
Posted it. Thanks for the help!!!
我爱Vc - 2006-8-21 20:40:00
[Reply to oo123oo3's post]
I did as instructed, but it still came back the next day!!!
我爱Vc - 2006-8-22 17:26:00
Where did the experts go???
Sob sob sob......
我爱Vc - 2006-8-26 9:39:00
Where have the experts gone?
Moderators, please help!
Even if you can't solve it, could you at least reply???
:(
我爱Vc - 2006-8-27 5:03:00
Moderators????
我爱Vc - 2006-8-30 9:42:00
ding